Lucene search

17 matches found

Patchstack
added 2026/05/01 9:30 a.m. · 1 views

WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WC Place Order Without Payment versions <= 2.6.5...

CVSS 6.1 · AI score 5.8 · EPSS 0.00135
Exploits 0 · References 1 · Affected Software 1

CVE
added 2026/01/29 5:32 p.m. · 14 views

CVE-2026-1599

Bdtask Bhojon All-In-One Restaurant Management System (up to 20260116) is affected by CVE-2026-1599 in the Checkout/placeorder flow. The vulnerability involves an unknown function in /hungry/placeorder where manipulating arguments such as orggrandTotal, vat, service_charge, or grandtotal can trig...

CVSS 5.3 · AI score 5.5 · EPSS 0.00019
Exploits 1 · References 5 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-7720

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 9.2 · EPSS 0.01131
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:33 a.m. · 2 views

CVE-2024-8558

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of...

CVSS 5.3 · AI score 6.6 · EPSS 0.00143
Exploits 1 · References 1

RedhatCVE
added 2025/03/12 3:5 p.m. · 4 views

CVE-2025-26933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through =...

CVSS 7.5 · AI score 7.2 · EPSS 0.01131
Exploits 0 · References 1

NVD
added 2025/03/10 3:15 p.m. · 3 views

CVE-2025-26933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through =...

CVSS 7.5 · EPSS 0.01131
Exploits 0 · References 1

CVE
added 2025/03/10 2:34 p.m. · 43 views

CVE-2025-26933

CVE-2025-26933 describes a Local File Inclusion in the WordPress plugin “WC Place Order Without Payment” (WooCommerce). Affected: WC Place Order Without Payment

CVSS 7.5 · AI score 7.2 · EPSS 0.01131
Exploits 0 · References 1

CNNVD
added 2025/03/10 12:0 a.m. · 2 views

WordPress plugin WC Place Order Without Payment security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 8.8 · EPSS 0.01131
Exploits 0 · References 3

OSV
added 2024/09/07 4:15 p.m. · 4 views

CVE-2024-8558

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of...

CVSS 4.3 · AI score 4.9
Exploits 0 · References 5

CNNVD
added 2024/09/07 12:0 a.m. · 3 views

Food Ordering Management System security vulnerability

Food Ordering Management System is a food ordering management system by the individual developer Carlo Montero. It provides an online platform to order food from a restaurant or fast food chain. A security vulnerability exists in Food Ordering Management System version 1.0, which stems from the...

CVSS 5.3 · AI score 4.9 · EPSS 0.00143
Exploits 1 · References 6

Positive Technologies
added 2024/09/07 12:0 a.m. · 2 views

PT-2024-39095 · Unknown · Sourcecodester Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Food Ordering Management System. This issue affects the Price Handler component, specifically the file...

CVSS 5.3 · AI score 4.9 · EPSS 0.00143
Exploits 1 · References 12

Patchstack
added 2023/07/18 12:0 a.m. · 8 views

WordPress WC Place Order Without Payment Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software: WC Place Order Without Payment; Type: Plugin; Vulnerable versions: < 2.5.2; Fixed in: 2.5.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 20778007dca1; Credits: Rafie Muhammad...

AI score 6.8
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/11/07 9:15 p.m. · 1 views

CVE-2022-43046

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php...

CVSS 4.8 · AI score 5.7
Exploits 0 · References 1

Positive Technologies
added 2022/11/07 12:0 a.m. · 1 views

PT-2022-26728 · Unknown · Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: Food Ordering Management System version 1.0. Description: The issue is related to a cross-site scripting (XSS) vulnerability found in the /foms/place-order.php component. This type of vulnerability allows attackers to inject malicious scripts in...

CVSS 4.8 · AI score 5.1 · EPSS 0.00369
Exploits 1 · References 5

Patchstack
added 2022/02/28 12:0 a.m. · 5 views

WordPress WC Place Order Without Payment plugin <= 2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WC Place Order Without Payment plugin versions <= 2.1. Solution: Update the WordPress WC Place Order Without Payment plugin to the latest available version (at least 2.2)...

AI score 2.3
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m. · 7 views

WordPress WC Place Order Without Payment plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WC Place Order Without Payment plugin versions <= 2.1. Solution: Update the WordPress WC Place Order Without Payment plugin to the latest available version (at least 2.2)...

AI score 3.2
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2017/08/23 12:0 a.m. · 0 views

ShopsN v3.0 SQL Injection Vulnerability in Frontend SpecialBusinessController.class.php File

ShopsN is a free, open-source e-commerce system. The SpecialBusinessController.class.php file in ShopsN v3.0 beta3 contains a SQL injection vulnerability because the system fails to effectively filter the placeorder function. A remote attacker can exploit the vulnerability to obtain sensitive...

AI score 8
Exploits 0